Bobcares

Installing mod_security on EC2 | Tutorial

by | Jun 20, 2022

Installing mod_security on EC2 is a piece of cake with this tutorial by our experts. 

At Bobcares, we offer solutions for every query, big and small, as a part of our AWS Support Services.

Let’s take a look at how our AWS Support Team helped our customers with installing mod_security on EC2.

Installing mod_security on EC2

Our Support Techs have put together this guide to help our customers and you install ModSecurity on EC2. To begin with, we have to run the following command:

# yum install mod_security --enablerepo=epel

Since the EPEL repo is not enabled by default, we have to enable it as seen in the command above.

The mod_security configuration files are at the following locations:

  • /etc/httpd/conf.d/mod_security.conf

    This is the main config file for the mod_security Apache module.

  • /etc/httpd/modsecurity.d/modsecurity_crs_10_config.conf

    We can customize the configuration in this file as per our requirements before deployment.

  • /var/log/httpd/modsec_debug.log

    We can use the debug messages in this file for debugging mod_security rules as well as other errors.

  • /etc/httpd/modsecurity.d/

    This folder contains all the other configuration files for the mod_security Apache module.

  • /var/log/httpd/modsec_audit.log

    This log consists of requests that trigger a ModSecurity event or a server error.

After installing mod_security on EC2, we have to verify that the ModSecurity engine is on by running the following command and locating the line SecRuleEngine On:

more /etc/httpd/conf.d/mod_security.conf

How to set up mod_security on EC2

OWASP (the Open Web Application Security Project) maintains a set of rules for ModSecurity that offers protection for any web application.

We can add these rules to ModSecurity with the following commands:

cd ~
sudo wget https://github.com/SpiderLabs/owasp-modsecurity-crs/zipball/master
sudo unzip -q master
cd /etc/httpd
sudo mv ~/SpiderLabs-owasp-modsecurity-crs-* modsecurity-crs
cd modsecurity-crs
sudo cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_config.conf

After that, we have to edit the mod_security.conf file to ensure the OWASP config file is included when ModSecurity loads, as seen below:

cd ../conf.d
sudo nano mod_security.conf

Then, we have to add these lines under # ModSecurity Core Rules Set and Local configuration:

Include modsecurity-crs/local_rules/*.conf
Include modsecurity-crs/modsecurity_crs_10_config.conf
Include modsecurity-crs/base_rules/*.conf

At this point, we have to enable the mod_unique_id Apache module as seen here:

sudo sed -i "s/#LoadModule unique_id_module modules\/mod_unique_id.so/LoadModule unique_id_module modules\/mod_unique_id.so/" /etc/httpd/conf/httpd.conf

Now, we have to restart Apache with this command:

sudo service httpd restart

If Apache fails to start and we get a message similar to the one below:

[alert] (EAI 2)Name or service not known: mod_unique_id: unable to find IPv4 address of "ip-x-x-x-x"

We have to open the instance's hosts file:

sudo nano /etc/hosts

and add this line:

127.0.0.1 ip-x-x-x-x localhost
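
A read-only check of the settings edited above, useful before sending the test request; it also flags SecRuleEngine DetectionOnly, which logs rule matches without blocking them. This is an added example, not part of the original tutorial: the function names are hypothetical and the sample files are constructed.

```sh
# Added example: read-only checks for the settings this tutorial edits.

# Print the last uncommented SecRuleEngine value (On, Off or DetectionOnly).
sec_rule_engine() {
    awk 'tolower($1) == "secruleengine" { v = $2 }
         END { print (v == "" ? "unset" : v) }' "$1"
}

# Succeed only if an uncommented LoadModule line loads mod_unique_id.
unique_id_enabled() {
    grep -Eq '^[[:space:]]*LoadModule[[:space:]]+unique_id_module[[:space:]]' "$1"
}

# Print each Include line from the tutorial that is absent or commented out.
missing_includes() {
    for inc in 'modsecurity-crs/local_rules/*.conf' \
               'modsecurity-crs/modsecurity_crs_10_config.conf' \
               'modsecurity-crs/base_rules/*.conf'; do
        awk -v want="$inc" '$1 == "Include" && $2 == want { ok = 1 }
                            END { exit !ok }' "$1" || printf '%s\n' "$inc"
    done
}

# Usage: modsec_preflight <mod_security.conf> <httpd.conf>
# Returns non-zero if any check fails.
modsec_preflight() {
    rc=0
    engine=$(sec_rule_engine "$1")
    case "$engine" in
        [Oo][Nn]) echo "OK   SecRuleEngine $engine" ;;
        *) echo "FAIL SecRuleEngine $engine: matches are not blocked"; rc=1 ;;
    esac
    if unique_id_enabled "$2"; then echo "OK   mod_unique_id loaded"
    else echo "FAIL mod_unique_id not loaded"; rc=1; fi
    missing=$(missing_includes "$1")
    [ -z "$missing" ] || { printf '%s\n' "$missing" | sed 's/^/FAIL missing: Include /'; rc=1; }
    return $rc
}

# Constructed sample files (not from a real server) for a dry run.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mod_security.conf" <<'EOF'
    SecRuleEngine DetectionOnly
    # Include modsecurity-crs/local_rules/*.conf
    Include modsecurity-crs/modsecurity_crs_10_config.conf
    Include modsecurity-crs/base_rules/*.conf
EOF
echo '#LoadModule unique_id_module modules/mod_unique_id.so' > "$demo_dir/httpd.conf"
modsec_preflight "$demo_dir/mod_security.conf" "$demo_dir/httpd.conf" || true
```

On the instance, the same function can be pointed at /etc/httpd/conf.d/mod_security.conf and /etc/httpd/conf/httpd.conf.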

We can test that the rules are working with a simple SQL injection attempt on the URL as seen here:

http://ourdomianname.com/?username=1'%20or%20'1'%20=%20'1&password=1'%20or%20'1'%20=%20'1

If the rules are working, we will see a 403 error. We can also head to the httpd error log at /var/log/httpd/error_log to view the messages logged by ModSecurity.
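
To read those error-log messages after the test request, the following added example (not from the original tutorial) condenses each ModSecurity event to action, client, rule id, URI and message. The function names are hypothetical, and the log lines are constructed, assuming the [client ...] and [id "..."] tag layout that ModSecurity 2.x writes to the Apache error log.

```sh
# Added example: summarise ModSecurity lines from the Apache error log.

# Print one tab-separated row per ModSecurity event:
#   action  client  rule-id  uri  msg
# "denied" rows are blocked requests; "warning" rows are rule matches that
# were logged without blocking (for example under SecRuleEngine DetectionOnly).
modsec_events() {
    awk '
    function tag(name,   re) {   # value of a [name "value"] tag, or "-"
        re = "\\[" name " \"[^\"]*\"\\]"
        if (!match($0, re)) return "-"
        return substr($0, RSTART + length(name) + 3, RLENGTH - length(name) - 5)
    }
    /ModSecurity: (Access denied|Warning\.)/ {
        action = ($0 ~ /ModSecurity: Access denied/) ? "denied" : "warning"
        client = "-"
        if (match($0, /\[client [^]]*\]/))
            client = substr($0, RSTART + 8, RLENGTH - 9)
        printf "%s\t%s\t%s\t%s\t%s\n", action, client, tag("id"), tag("uri"), tag("msg")
    }' "$1"
}

# Count blocked requests per rule id, most frequent first ("count id").
modsec_denied_by_rule() {
    modsec_events "$1" | awk -F '\t' '$1 == "denied" { n[$3]++ }
        END { for (id in n) print n[id], id }' | sort -rn
}

# Constructed, abbreviated log lines; the rule ids, messages and addresses
# are made up for this dry run.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
[Mon Jun 20 10:15:02 2022] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:username. [id "111111"] [msg "Constructed SQL injection rule"] [hostname "example.test"] [uri "/"] [unique_id "CONSTRUCTED-1"]
[Mon Jun 20 10:15:09 2022] [error] [client 198.51.100.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "x" at ARGS:password. [id "111111"] [msg "Constructed SQL injection rule"] [hostname "example.test"] [uri "/login"] [unique_id "CONSTRUCTED-2"]
[Mon Jun 20 10:16:40 2022] [error] [client 203.0.113.7] ModSecurity: Warning. Pattern match "x" at REQUEST_HEADERS:User-Agent. [id "222222"] [msg "Constructed scanner rule"] [hostname "example.test"] [uri "/"] [unique_id "CONSTRUCTED-3"]
[Mon Jun 20 10:17:00 2022] [notice] caught SIGTERM, shutting down
EOF
modsec_events "$demo_log"
modsec_denied_by_rule "$demo_log"
```

If the test request produces only "warning" rows and no 403, the rules matched but the engine is not set to block.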

Let us know how installing mod_security on EC2 works out. If you run into any trouble, our experts are available 24/7.

Conclusion

In a nutshell, our skilled AWS Support Engineers at Bobcares demonstrated how to install mod_security on EC2.
